See the DenyHosts script for the response - this has been going on for
years. There's no specific vulnerability, it's more a strength in
numbers / worm like attack. The automated attack guesses right often
enough to propagate and presumably build a *nix based botnet.